China Slams Bitcoins: What's Next?

Chinese central bank prohibits the country's financial institutions from touching bitcoins, but plans regulation. Cue further trouble for the crypto-currency?

The value of bitcoins dropped 30% Thursday after the People's Bank of China and five other Chinese government ministries banned the country's financial institutions from handling the currency.

China's central bank issued a notice (naturally, in Chinese) that prohibits all Chinese financial and payment institutions from conducting any business using bitcoins, buying or selling bitcoins, or allowing products or services to be priced in bitcoins, and said that insurance would not cover any losses related to bitcoins.

Potentially adding insult to injury for the crypto-currency crowd's injury, China also said that because bitcoins lack "legal status and monetary equivalent," it wouldn't even deign to call the virtual payment system a currency.

After the Chinese central bank released its statement, the value of a bitcoin dropped to $870 on MtGox, the world's biggest Bitcoin exchange. That was down from this week's high of $1,240, but still well above the currency's all-time low of $1 in 2011. But by Friday, bitcoins had regained some of their value, trading at around $1,000.

Does China's stance on bitcoins signal danger for the crypto-currency? In fact, China didn't fully outlaw bitcoins. Rather, in what might be seen as akin to its approach to gambling, the government intends to regulate them. Notably, the central bank said that any site that wants to handle or process bitcoins must first register with China's telecommunications authorities, comply with anti-money laundering obligations, identify all users, and report any suspicious transactions. In short, Chinese authorities have prohibited bitcoins from being used anonymously.

China's central bank also warned that using bitcoins carries enormous risks for "ordinary investors," including a large degree of volatility, owing to a 24-hour trading window and a lack of built-in price limits. The bank further criticized the payment system's anonymity and lack of geographic restrictions, saying that made it an ideal vehicle for money laundering and financing terrorism. It also cited evidence that bitcoins were being used to finance drugs, firearms, and other criminal activities.

The bank also highlighted the risk of Bitcoin users being "exploited by criminals" and other unscrupulous -- or just clueless -- organizations, including bogus Bitcoin trading sites, as well as Bitcoin exchange operators who failed to implement proper information security controls.

When it comes to how governments view the Bitcoin phenomenon, Chinese officials' views aren't outliers. "It's a bubble," former Federal Reserve chairman Alan Greenspan told Bloomberg this week, effectively dismissing the virtual money. "It has to have intrinsic value. You have to really stretch your imagination to infer what the intrinsic value of Bitcoin is. I haven't been able to do it. Maybe somebody else can."

Similarly, Nout Wellink, the former president of the Dutch Central Bank, this week likened Bitcoin hype to the tulip mania in the early 1600s, when volatility in tulip bulb prices lead to a single bulb reportedly selling for 10 times the annual average wage of a skilled craftsman, threatening to topple the entire monetary system of some other European countries, including Great Britain. When the tulip-fueled speculative bubble burst, however, some people were left holding contracts for tulips valued at ten times what they were worth on the open market.

"Bitcoins are worse than the tulip mania," Wellink said (in Dutch). "Then, you at least got a tulip. Now, you get nothing."

Some users of bitcoins have learned that lesson the hard way. As the value of the currency has continued to rise, so has related interest from the cybercrime set. That includes the gang behind the Citadel banking malware, which was recently upgraded to capture screenshots if users browse to one of a number of virtual money sites, including not only stalwarts webmoney.ru and perfectmoney.com, but also bitcoin.org, mining.bitcoin.cz, and other Bitcoin trading and mining sites.

"In addition to this new Citadel variant, Trusteer's security team has observed an increase in the number of forum posts of members looking for help in targeting a Bitcoin related site while some cybercriminals are also asking for Bitcoin users' email databases," said Trusteer's Etay Maor Thursday in a "Bitcoin: a Platform or a Target?" blog post.

Related attacks continue to occur. Earlier this week, for example, popular Bitcoin discussion forum Bitcointalk.org warned its 176,584 members that their usernames and passwords may have been compromised by hackers, who apparently used a distributed denial-of-service (DDoS) attack as a smokescreen.

That followed another DDoS attack being used to hide a heist last month against Denmark-based Bitcoin payment processor Bitcoin Internet Payment System (BIPS) -- resulting in the theft of 1,295 bitcoins. Worth nearly $1 million at the time, the bitcoins had been stored in a free e-wallet service offered by BIPS. That led information security experts to recommend that anyone who uses bitcoins should never store them online, or perhaps on any Internet-connected system at all, given the ongoing risk of theft.

In October, meanwhile, two attacks against Australia-based free e-wallet service Inputs.io netted attackers about $1.3 million in bitcoins. The same month, a scam Bitcoin exchange set up in China tricked about 1,000 people into depositing bitcoins. But whoever was behind the site -- and the site itself -- disappeared in October, leaving someone about $4.1 million richer.

Even Bitcoin exchange MtGox was hacked -- via a SQL injection attack -- in June 2011, after which some senior members in the Bitcoin community claimed to have been offered the site's entire user database.

While the Bitcoin debate -- as Vice magazine summarized it -- often veers between "crypto-anarchist dreams" and "Ponzi scheme fears," for anyone who wants to use bitcoins without their wallets or payment processors being robbed, the overriding question remains: Can the Bitcoin ecosystem be secured?

I would not say threat to democracy but yes its increasing popularity has made Bitcoin, a kind of universal currency due to which China think that this can disturb image of natural currency. Also due to this act of China Bitcoin Price Index has dropped i.e. now the price of each bitcoin is just about $680.

I'm surprised that Greenspan would assert, "It has to have intrinsic value. You have to really stretch your imagination to infer what the intrinsic value of Bitcoin is. I haven't been able to do it. Maybe somebody else can." The basic definition of money is that it is a medium of exchange, a meaure of value, and a store of value. Intrinsic value has nothing to do with it.

Well of course BITCOINS can be secured. Diamond Circle offers a complete solution for obtaining and disposing of them. Like any financial system security controls are essential and the methods of ensuring control require a form of centralisation from a trusted authority.

The decision by the Chinese Government is responsible because it seeks to force parties like ours to put in the right types of controls such as identifying and recording transactions. Excluding the Banking system means that costs will be lower for our Merchants that accept Bitcoins for trade and exchange.

Our NFC readers allow our merchants to charge customers in Bitcoins, and to provide Bitcoin ATMs that can be used to issue new wallet tags as well as top up and withdraw funds from Bitcoin accounts.

The NFC tags can be affixed to the back of a mobile phone and are used to store the owner's Bitcoin balance and their private key. They are encoded using our proprietary technology which prevents a 'man in the middle' attack — where vital data is stolen or manipulated during transfer.

Merchants can then use a standard NFC reader attached to a PC to read a tag's balance and transfer the cost of a purchase from a customer's Bitcoin tag to their own account.

The software will automatically adjust the amount of Bitcoins the customer pays For example, if a coffee costs $3.50, the system works out how much $3.50 is in Bitcoins immediately and in your currency.

The NFC reader can also be used to load credit onto a tag. In this scenario a consumer may present their cash or credit card to a merchant, who transfers bitcoin to the consumer's tag.

The Bitcoin ATMs are designed to be installed in shopping centres as standalone units, enabling users to purchase NFC tags pre-loaded with their choice of Bitcoin balance as well as top up the balance on their existing tag by tapping it to the machine. The ATMs will accept payment for Bitcoins via debit or credit card and will also allow customers to withdraw Bitcoins stored on their NFC tag in the form of a cashier's cheque.

By using NFC devices which are low cost and flexible, we are able to offer users a simple and safe way of storing and transacting Bitcoin. In the case of a lost or stolen tag our web portal can be used by a consumer to cancel and transfer the balance to another tag. The readers can be used at home also.

Using Banking Level Security means that the issue of loss is negated. It is unfortunate that Banks are excluded from this process, however non-banking organisations like ours are able to offer innovations which make dealing with bitcoins safe and secure.

If you’re still focused on securing endpoints, you’ve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.

Published: 2015-03-03Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename.

Published: 2015-03-03** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none.

How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.